790 lines
42 KiB
Go
790 lines
42 KiB
Go
// Copyright 2014 Google Inc. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package client_test
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"fmt"
|
|
"math"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"reflect"
|
|
"regexp"
|
|
"strconv"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
ct "github.com/google/certificate-transparency-go"
|
|
"github.com/google/certificate-transparency-go/client"
|
|
"github.com/google/certificate-transparency-go/jsonclient"
|
|
"github.com/google/certificate-transparency-go/testdata"
|
|
"github.com/google/certificate-transparency-go/tls"
|
|
"github.com/google/certificate-transparency-go/x509util"
|
|
)
|
|
|
|
func dh(s string) []byte {
|
|
b, err := hex.DecodeString(s)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return b
|
|
}
|
|
|
|
const (
|
|
ValidSTHResponse = `{"tree_size":3721782,"timestamp":1396609800587,
|
|
"sha256_root_hash":"SxKOxksguvHPyUaKYKXoZHzXl91Q257+JQ0AUMlFfeo=",
|
|
"tree_head_signature":"BAMARjBEAiBUYO2tODlUUw4oWGiVPUHqZadRRyXs9T2rSXchA79VsQIgLASkQv3cu4XdPFCZbgFkIUefniNPCpO3LzzHX53l+wg="}`
|
|
ValidSTHResponseTreeSize = 3721782
|
|
ValidSTHResponseTimestamp = 1396609800587
|
|
ValidSTHResponseSHA256RootHash = "SxKOxksguvHPyUaKYKXoZHzXl91Q257+JQ0AUMlFfeo="
|
|
ValidSTHResponseTreeHeadSignature = "BAMARjBEAiBUYO2tODlUUw4oWGiVPUHqZadRRyXs9T2rSXchA79VsQIgLASkQv3cu4XdPFCZbgFkIUefniNPCpO3LzzHX53l+wg="
|
|
|
|
PrecertEntryB64 = "AAAAAAFLSYHwyAABN2DieQ8zpJj5tsFJ/s/KOZOVS1NvvzatRdCoQVt5M30ABHowggR2oAMCAQICEAUyKYw5aj4l/KoZd+gntfMwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHzAdBgNVBAsTFkZPUiBURVNUIFBVUlBPU0VTIE9OTFkxJTAjBgNVBAMTHEdlb1RydXN0IEVWIFNTTCBURVNUIENBIC0gRzQwHhcNMTUwMjAyMDAwMDAwWhcNMTYwMjI3MjM1OTU5WjCBwzETMBEGCysGAQQBgjc8AgEDEwJHQjEbMBkGCysGAQQBgjc8AgECFApDYWxpZm9ybmlhMR4wHAYLKwYBBAGCNzwCAQEMDU1vdW50YWluIFZpZXcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR0wGwYDVQQKDBRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEWMBQGA1UEAwwNc2RmZWRzZi50cnVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGdl97zn/gpxl6gmaMlcpizP/Z1RR/cVkGiIjR67kpWIB9MGkBvLxmBXYbewaYRdo59VWyOM6fxtMeNsZzOrlQOl64fBmCy7k+M/yBFuEqdoig0l0RAbs6u0LCNRv2rNUOz2G6nCGJ6YaUpt5Onatxrd2vI1bPU/iHixKqSz9M7RedBIGjgaDor7/rR3y/DILjdvwL/tgPSz3R5gnf9lla1rNRWWbDl12HgLc+VxTCVVVqTGtW/qbSWfARdXxLeLWtTfNk68q2LReVUC9QyeYdtE+N2+2SXeOEN+lYWW5Ab036d7k5GAntMBzLKftZEkYYquvaiSkqu2PSaCSLKT7UCAwEAAaOCAdEwggHNMEcGA1UdEQRAMD6CDWtqYXNkaGYudHJ1c3SCC3NzZGZzLnRydXN0gg1zZGZlZHNmLnRydXN0ghF3d3cuc2RmZWRzZi50cnVzdDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ20uc3ltY2IuY29tL2dtLmNybDCBoAYDVR0gBIGYMIGVMIGSBgkrBgEEAfAiAQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFLFplGGr5ssMTOdZr1pJixgzweFHMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2dtLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2dtLnN5bWNiLmNvbS9nbS5jcnQAAA=="
|
|
PrecertEntryExtraDataB64 = "AAWnMIIFozCCBIugAwIBAgIQBTIpjDlqPiX8qhl36Ce18zANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEfMB0GA1UECxMWRk9SIFRFU1QgUFVSUE9TRVMgT05MWTElMCMGA1UEAxMcR2VvVHJ1c3QgRVYgU1NMIFRFU1QgQ0EgLSBHNDAeFw0xNTAyMDIwMDAwMDBaFw0xNjAyMjcyMzU5NTlaMIHDMRMwEQYLKwYBBAGCNzwCAQMTAkdCMRswGQYLKwYBBAGCNzwCAQIUCkNhbGlmb3JuaWExHjAcBgsrBgEEAYI3PAIBAQwNTW91bnRhaW4gVmlldzELMAkGA1UEBhMCR0IxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBAoMFFN5bWFudGVjIENvcnBvcmF0aW9uMRYwFAYDVQQDDA1zZGZlZHNmLnRydXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ2X3vOf+CnGXqCZoyVymLM/9nVFH9xWQaIiNHruSlYgH0waQG8vGYFdht7BphF2jn1VbI4zp/G0x42xnM6uVA6Xrh8GYLLuT4z/IEW4Sp2iKDSXREBuzq7QsI1G/as1Q7PYbqcIYnphpSm3k6dq3Gt3a8jVs9T+IeLEqpLP0ztF50EgaOBoOivv+tHfL8MguN2/Av+2A9LPdHmCd/2WVrWs1FZZsOXXYeAtz5XFMJVVWpMa1b+ptJZ8BF1fEt4ta1N82TryrYtF5VQL1DJ5h20T43b7ZJd44Q36VhZbkBvTfp3uTkYCe0wHMsp+1kSRhiq69qJKSq7Y9JoJIspPtQIDAQABo4IB5jCCAeIwRwYDVR0RBEAwPoINa2phc2RoZi50cnVzdIILc3NkZnMudHJ1c3SCDXNkZmVkc2YudHJ1c3SCEXd3dy5zZGZlZHNmLnRydXN0MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9nbS5zeW1jYi5jb20vZ20uY3JsMIGgBgNVHSAEgZgwgZUwgZIGCSsGAQQB8CIBBjCBhDA/BggrBgEFBQcCARYzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMEEGCCsGAQUFBwICMDUMM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUsWmUYavmywxM51mvWkmLGDPB4UcwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZ20uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ20uc3ltY2IuY29tL2dtLmNydDATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAZZrAobsW5UGOclcvWS0HmhnZKYz8TbLFIdrndp2+cwfETMmKOxoj8L6p50kMHMImKoS7udomH0TH0VKxuN9AnLYyo0MWehMpqHtICONUoCRXWaSOCp4I3Qz9bLgQZzw4nXrCfTscl/NmYh+U3VLYa5YiqbtzLeoDMg2pXQ3/f8z+9g4sR+6+tjYFSSfhvtZSFIHMJN8vCCHZIftNa2NxnFsQvp8V5GYCnZQOrbeqtoCgiZKeSnvDSEIPB+HQF4tHJTSiOd9I4DChzPn89vakUUWeiL4Z4ywf0ap7+1uFc5AlsUusm/VScsaGgJ9WPJqNtFXnnTkDpreL7gC+KetmJQAK7gAEKjCCBCYwggMOoAMCAQICEAPdhZRnA2PpjT8E8BujKHMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHzAdBgNVBAsTFkZPUiBURVNUIFBVUlBPU0VTIE9OTFkxNjA0BgNVBAMTLUdlb1RydXN0IFRFU1QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMzExMDEwMDAwMDBaFw0yMzEwMzEyMzU5NTlaMG0xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR8wHQYDVQQLExZGT1IgVEVTVCBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDExxHZW9UcnVzdCBFViBTU0wgVEVTVCBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYDAA9HZOyqHErBSXabwfxlE3wUw13CTI64uJPKqLnxHs8Yeya2fueqzRy7U4vmuauj7ehlI/0hc7hpRPA5iwXzEB3H0H5m5KuYBQdbFGKu/JI09XYhFqhekjCbYkeuUk3AUAg16mIbihGvWXo/W09Rg6LPtrL/efQq4wDAEcY0PM/u5aqGRgT6Dg/SnWKEj9ZDTuRwbP8l0A9Vq3PR6Y1Gq8o+L+sIXA6qbt3wsl2A8Zavgi9pbCuVhJPf69I9FNs7cd20JwH30rou4Y+T4CNk4a5F00+QHDcyMhf92qP4+eCjWEtibyzUzeIt74KCUGWPwMbOtSYw7wBC7p4YqEwIDAQABo4GwMIGtMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSxaZRhq+bLDEznWa9aSYsYM8HhRzAfBgNVHSMEGDAWgBRuAQAD/r3QNjPgu2LhMlA2bZMdMTBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBAJk4Do4je+zfpGR7sLj/63Dtd5iUeJ1eNbLo3cmZesFXMCUSGhn6gfrKRmafjt6rXzpL/DHO7haLmSXGTAuq2xC1Up8tyUjNzyq25ShZEVJW3+ud7PW9W5I/ABKQaASmaDT/8tgGXkRzmfJd7lnV2y9F9KgcZ6fmOSe+EUwx/By7lVMCLrSAEVwpjQBA9pJjZ4V94ZVySu1AyeXqNkZ66Jcpc95ONlwIxmZn8gQe16tlo0rccxZ0ZjP7G3eK/1yyvFJW9yZRXw533HTfJWuVGzx40/CYNCVf97Oy51GEuULYHfNBtXFqGAiNHW2Rk+TdoUY/D89EgVHYGadbt9qbePoAA+0wggPpMIIDUqADAgECAhAgSXp/mbGJ2RfIkXHHcjw7MA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MR8wHQYDVQQLExZGT1IgVEVTVCBQVVJQT1NFUyBPTkxZMTIwMAYDVQQLEylFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgVEVTVDAeFw0wNjExMjcwMDAwMDBaFw0xODA4MjEyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR8wHQYDVQQLExZGT1IgVEVTVCBQVVJQT1NFUyBPTkxZMTYwNAYDVQQDEy1HZW9UcnVzdCBURVNUIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJFX7GBMMTPQ1ZFRc2D7SQebbPRk7+Zp5FcQ4Aj9dqaGtlK3TLwTw/1dcCbMjldXP3idcCvI45gXnAl3k5XqExRiaK0BE5wwvnt1Kv8xutRVTPfVwiyLbTRVRdLlL4DojklDnwXVEQAGx6sniBqJyf36dwb/4EHiNZBFe/kj0Ch4jihT4WeXv6b4e0qyL8dUGMtsEA+M0mU+Nc45aD3zAW2xDa6ZnBYdD//8PcUNNS3xp2ilGgIc03JgZj8mFNBONns8dHs8ZJGY9qxRiN0YwgqRhak185ixqXeJaWv7dKo8jAHmju+zz4nC2qNVTSHUe3HNO/14kAlPf3pzDBNzNtAgMBAAGjge0wgeowHQYDVR0OBBYEFG4BAAP+vdA2M+C7YuEyUDZtkx0xMA8GA1UdEwEB/wQFMAMBAf8wRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL3Rlc3QtY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUiknD95Gj0KAaOuclQ8ExX0lIIGEwDQYJKoZIhvcNAQEFBQADgYEABOnm8HMpzjTS2sqXOv5bifuAzrqbrx0xzLaRi2xOW6hcb3Cx9KofdDyAepYWB0cRaV9eqqe1aHxaoMymH+1agaLufssE/jMLHNA9wAyZAr+DgAeaWzz0MWJJrRBEwhDnd/IMir/G3ydEs5NCLmak69wfXRGngoczPQSuMeN73FcAAs4wggLKMIICM6ADAgECAhAdn+8thA4gjKK8vUnAuDgzMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MR8wHQYDVQQLExZGT1IgVEVTVCBQVVJQT1NFUyBPTkxZMTIwMAYDVQQLEylFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgVEVTVDAeFw05ODA4MjIwMDAwMDBaFw0xODA4MjIyMzU5NTlaMHQxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MR8wHQYDVQQLExZGT1IgVEVTVCBQVVJQT1NFUyBPTkxZMTIwMAYDVQQLEylFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgVEVTVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmEaR7a3GQT5R12jnrMmZuFeWdcB9IYlxOfKQRyeEow/RT6vn5cd4ftBUYWaTsYT7tfalWmh3Q8PEExXpwDU6s4E/LOh7skQZteL5S0gq0a/zZeH2ugWQ3ZzQmyNg9sN7SHv7fdtqm3oCSqi/bsfhq6xVpIQjVYbHBogkHLwxrqUCAwEAAaNdMFswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFIpJw/eRo9CgGjrnJUPBMV9JSCBhMB8GA1UdIwQYMBaAFIpJw/eRo9CgGjrnJUPBMV9JSCBhMA0GCSqGSIb3DQEBBQUAA4GBAHpWthUM2qNJ06MCtfpP1fkXw2IG0T6g69XOLcsPYaL51GmC3x84OpEGhLUycPtKDji3qSzu+Z5L+qkRjs5Sk6rIRIFex35oMn9EemprrkMUWIcOUnWSU25+XXr4Kmq4ItPS8FuUN5XT+coYqJ2UAW7QGaR11Gu7zf+6MrGgdJCk"
|
|
|
|
CertEntryB64 = "AAAAAAFJpuA6vgAAAAZRMIIGTTCCBTWgAwIBAgIMal1BYfXJtoBDJwsMMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTQwMgYDVQQDEytHbG9iYWxTaWduIEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBURVNUMB4XDTE0MTExMzAxNTgwMVoXDTE2MTExMzAxNTgwMVowggETMRgwFgYDVQQPDA9CdXNpbmVzcyBFbnRpdHkxEjAQBgNVBAUTCTY2NjY2NjY2NjETMBEGCysGAQQBgjc8AgEDEwJERTEpMCcGCysGAQQBgjc8AgEBExhldiBqdXJpc2RpY3Rpb24gbG9jYWxpdHkxJjAkBgsrBgEEAYI3PAIBAhMVZXYganVyaXNkaWN0aW9uIHN0YXRlMQswCQYDVQQGEwJKUDEKMAgGA1UECAwBUzEKMAgGA1UEBwwBTDEVMBMGA1UECRMMZXYgYWRkcmVzcyAzMQwwCgYDVQQLDANPVTExDDAKBgNVBAsMA09VMjEKMAgGA1UECgwBTzEXMBUGA1UEAwwOY3NyY24uc3NsMjQuanAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNufDWs1lGbf/pW6Q9waVoDu3I88q7xXOiNqEJv25Y34Fse7gVYUerUm7Or/0FdubhwJ6jNDPhFNflA4xpcpjHlX8Bp+EUIyCEfPI0mVu+QnmDQMuZ5qfiz6lQJ3rvbgL02W3c6wr5VBFxsPjxqk8NAkU+bmVLJaE/Kv9DV8roF3070hhVaGWRojCdn/XerYJAME4i6vzFUIWH5ratHQC1PCjluTYmmvvyFLc+29yKSKhsHCPz3OVfzOYFAsCQi8qb2yLBbAs00RtP0n6de8tWxewPxNUlAPsGsK9cQRLkIQIreLMQMMtz6f2S/8ZZGf2PNeYE/K8CW5x34+Xf90mnAgMBAAGjggJSMIICTjAOBgNVHQ8BAf8EBAMCBaAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAQEwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wSAYDVR0fBEEwPzA9oDugOYY3aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc29yZ2FuaXphdGlvbnZhbGNhdGcyLmNybDCBnAYIKwYBBQUHAQEEgY8wgYwwSgYIKwYBBQUHMAKGPmh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5pemF0aW9udmFsY2F0ZzIuY3J0MD4GCCsGAQUFBzABhjJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxjYXRnMjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOY3NyY24uc3NsMjQuanAwHQYDVR0OBBYEFH+DSykD417/9lFhkIOi79aabXD0MB8GA1UdIwQYMBaAFKswpAbZctACmrLH0/QkG+L8pTICMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYAsMyD5aX5fWuvfAnMKEkEhyrH6IsTLGNQt8b9JuFsbHcAAAFJptw0awAABAMARzBFAiBGn03AVTt4Mr1WYzw7nVP6rshN9BS3oFqxstVE0UasPgIhAO6JlBn9T5VUR5j3iD/gk2kv60yQ6E1lFgD3AZFmpDcBMA0GCSqGSIb3DQEBBQUAA4IBAQB9zT4ijWjNwHNMdin9fUDNdC0O0dDZ9JpkOvEtzbxhOUY4t8UZu3yuUwzNw6UDfVzdik0sAavcg02vGZP3oi7iwiM3epTaTmisaaC1DS1HPsd2UeABxfcaI8wt7+dhb9bGSRqn+aK7Frkwzj+Mw3z2pHv7BP1O/324QzzG/bBRRqSjH+ZSEYdfLFESm/BynOLcfOGlr8bqoes6NilsueCRN17fxAjHJ/bVS7pAjaYLRsSWo2TFBK30fuBJapJg/iI8iyPBSDJjXD3/DbqKDIzdlXp38YRDt3gqm2x2NrfWbfQmNQuVlTfpEYiORbLAshjlDQP9z6f3WOjmDdGhmWvAAAA="
|
|
CertEntryExtraDataB64 = "AAf9AARpMIIEZTCCA02gAwIBAgILZGRf9tONi09hqe4wDQYJKoZIhvcNAQEFBQAwUTEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xGDAWBgNVBAMTD0dsb2JhbFNpZ24gVEVTVDAeFw0xNDEwMjkxMzE2NTJaFw0yMTEyMTUxMDMzMzhaMF4xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTQwMgYDVQQDEytHbG9iYWxTaWduIEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBURVNUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg5vLsmiO6QfUvg0BBzJ/TZh45pOpuObg0xmnJRdGJhLjkGeB/da2X1+iSq73hRTZnAKeDaOdivdTwHvgjI1Wj6BVIXlUbsmnaA0YNs400tFtQIQDHSr+5a6CWaIXKyIslogUbl17O2mmjLyLyuDFF4kS17CTHMUnSUZyM/W7HMAozdB3m4MO1zLXMAMXne8q1FDzF1eKp7JAmmCZgszAYDQBzzhm8UXFvAkkMIq67DAUYUVt4WPNLA8HdX3K9g5ZPnNOjOkHlJ2dvqqg3x6M8dbqpGI6V8iYYpxY2XvFaSOEQ25CC9huMuVL3i/x5nBIggib/yWeMz/kyrZyMIMxwIDAQABo4IBLzCCASswRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMB0GA1UdDgQWBBSrMKQG2XLQApqyx9P0JBvi/KUyAjASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFGmJRnRiL8rmiLXgBu9l6WJQBY8VMEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjIuY3JsMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAjuSlZRGuCJKS73kO60LBVM4EzY/SUuIHLn44s5ELOHaOHn8t5Zdw0t2/2nA6SzEgPKfgbqL8VazMID9CdUSCtOXd13jsYMsQdGcKCDTQaIMFzjo9SIEFpkD2ie21eyanobeqC3fmYZVrHbMTLDjqjTPnV8OvBIOiPvTC6VEac2HwHOgCye3BW1m/CoR2wtJBqeXoKgyEdsDk/VF9EiN6/gSmH8dDC1el7PtBgheHSciJ7iUWXUU8+rNm74ibTKeIZPQscYxVXu9Msz/5NcQzuyRhblfIC3E0dRb4j+F/XpFdI2GdlAMrCTsISRjeuuFKkZyKwDgstDIOEm2Ub+fhFwADjjCCA4owggJyoAMCAQICCwQAAAAAAQ+GJuYNMA0GCSqGSIb3DQEBBQUAMFExIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRgwFgYDVQQDEw9HbG9iYWxTaWduIFRFU1QwHhcNMTQxMDI2MTAzMzM4WhcNMjExMjE1MTAzMzM4WjBRMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjEYMBYGA1UEAxMPR2xvYmFsU2lnbiBURVNUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr05U6MH7Bfyfd8d6uJLkuDdYSkKCmwd0DUTHH9yrrhe7W9msaFxHDXBL3mK7upgRL2KyMZ2VPsk+WBpW/VMFGZpQU36cjXQCxCs31dpfWNVjO7BsfRxpqaPyBNacH8tPIDzdzhmIB8Wka2aTeIRSB8asmvQkgr86H68oDwDleCE7+El1bULkpzEmGhqVoHaS6i+AxljmrxymGN9B2hB2j/v7kz7nTy+Lexg+ujwV7iGq7ydMWtMrQeUXcZjdgboF72U/CT3vIGMOWfHgEob0h71Ka856BFApYZC0LVFD/dSGM7Ss5MlhLARV4LVBqsPxTmG9SeYBA8fLHpAh/eIruwIDAQABo2MwYTAdBgNVHQ4EFgQUaYlGdGIvyuaIteAG72XpYlAFjxUwHwYDVR0jBBgwFoAUaYlGdGIvyuaIteAG72XpYlAFjxUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADoeFcm+Gat4i9MOCAIHQQuWQmfJ2Vfq0vN//OQVHtIYCCo67yb8grNa+/NS/qi5/asxyZfudG3vn5vx4iT107etvKpHBHl3IT4GXhKFEMiCbOd5zfuQ0pWnb0BcqiTFo5SJeVUiTxCt6plshreA3YIOw4A4dJwD8NfWJ+/L/3E4cE+pAVhcxqMf+ucEsAr0YMoSRF8UJc6n2IwgwBD7fxwYxYdS4tCqkHLSsYPEeQYb3mSdIzYAhQwE+u1zT+o+Ff0YRImKemUvEQT9oGDR2iIiM61sDI5Te1x5/MAwBK8YqCcRBBM48d+Oo1rGGI2weLgGXkS61gzSWhQQZ8jV3Y0="
|
|
|
|
SubmissionCertB64 = "MIIEijCCA3KgAwIBAgICEk0wDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgY2Fja2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QwHhcNMTUxMDIxMjAxMTUyWhcNMjAxMDE5MjAxMTUyWjAfMR0wGwYDVQQDExRoYXBweSBoYWNrZXIgZmFrZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIKR3maBcUSsncXYzQT13D5Nr+Z3mLxMMh3TUdt6sACmqbJ0btRlgXfMtNLM2OU1I6a3Ju+tIZSdn2v21JBwvxUzpZQ4zy2cimIiMQDZCQHJwzC9GZn8HaW091iz9H0Go3A7WDXwYNmsdLNRi00o14UjoaVqaPsYrZWvRKaIRqaU0hHmS0AWwQSvN/93iMIXuyiwywmkwKbWnnxCQ/gsctKFUtcNrwEx9Wgj6KlhwDTyI1QWSBbxVYNyUgPFzKxrSmwMO0yNff7ho+QT9x5+Y/7XE59S4Mc4ZXxcXKew/gSlN9U5mvT+D2BhDtkCupdfsZNCQWp27A+b/DmrFI9NqsCAwEAAaOCAcIwggG+MBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0eBDwwOqE4MAaCBC5taWwwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAyBggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFOmkP+6epeby1dd5YDyTpi4kjpeqMFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDAdBgNVHQ4EFgQU+3hPEvlgFYMsnxd/NBmzLjbqQYkwDQYJKoZIhvcNAQELBQADggEBAA0YAeLXOklx4hhCikUUl+BdnFfn1g0W5AiQLVNIOL6PnqXu0wjnhNyhqdwnfhYMnoy4idRh4lB6pz8Gf9pnlLd/DnWSV3gS+/I/mAl1dCkKby6H2V790e6IHmIK2KYm3jm+U++FIdGpBdsQTSdmiX/rAyuxMDM0adMkNBwTfQmZQCz6nGHw1QcSPZMvZpsC8SkvekzxsjF1otOrMUPNPQvtTWrVx8GlR2qfx/4xbQa1v2frNvFBCmO59goz+jnWvfTtj2NjwDZ7vlMBsPm16dbKYC840uvRoZjxqsdc3ChCZjqimFqlNG/xoPA8+dTicZzCXE9ijPIcvW6y1aa3bGw="
|
|
AddJSONResp = `{
|
|
"sct_version":0,
|
|
"id":"KHYaGJAn++880NYaAY12sFBXKcenQRvMvfYE9F1CYVM=",
|
|
"timestamp":1337,
|
|
"extensions":"",
|
|
"signature":"BAMARjBEAiAIc21J5ZbdKZHw5wLxCP+MhBEsV5+nfvGyakOIv6FOvAIgWYMZb6Pw///uiNM7QTg2Of1OqmK1GbeGuEl9VJN8v8c="
|
|
}`
|
|
ProofByHashResp = `
|
|
{
|
|
"leaf_index": 3,
|
|
"audit_path": [
|
|
"pMumx96PIUB3TX543ljlpQ/RgZRqitRfykupIZrXq0Q=",
|
|
"5s2NQWkjmesu+Kqgp70TCwVLwq8obpHw/JyMGwN56pQ=",
|
|
"7VelXijfmGFSl62BWIsG8LRmxJGBq9XP8FxmszuT2Cg="
|
|
]
|
|
}`
|
|
GetRootsResp = `
|
|
{
|
|
"certificates":[
|
|
"MIIFLjCCAxagAwIBAgIQNgEiBHAkH6lLUWKp42Ob1DANBgkqhkiG9w0BAQ0FADAWMRQwEgYDVQQDEwtlc2lnbml0Lm9yZzAeFw0xNDA2MjAxODM3NTRaFw0zMDA2MjAxODQ3NDZaMBYxFDASBgNVBAMTC2VzaWduaXQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtylZx/zTLxRDsok14XO0Z3PvWMIY4HWro0YLgCF8dYv3tUaNkmN3ghlQvY8UcByH2LMOBGiQAcMHxgEJ53cnWRyc2DjoGhkDkiPdS2JttNEB0B/XTaGvaHwJh2CSgIBbpZpWTaqGywbe7AgJQ81L8h7tZ4E6W8ZM0vt4mnzqkPBT+BmyjTXG/McGhYTQAsmdsYZDBAdB2Y4X1/RAyL0e9MHdSboRofhg+8d5MeC0VEIgHXU/R4f4wz/pSw0FI9xxWJR3UUK/qOWqNsVYZfmCu6+ksDQtezxSTAuymoL094Dwn+hnXb8RS6dEbIQ+b0bIHxxpypcxH7rBMIpQcbZ8JSqNVDZPI9QahKNPQMQiuBE66KlqbnLOj7lGBxsbpU2Dx8QL8W96op6dTGtniFyXqhuYN2UxDMNI+fb1j9G7ENpoqvTVfjxa4RUU6uZ9ZygOiiOZD4P54vEQFteiu4OM+mWOm5Vll9yPXqHPc5oiCfyvCNVzfapqPoGbaCM6oQtcHdAca9VpE2eDTo36zfdFo31YYBOEjWNsfXwp8frNduS/L6gmWYrd91HeEoOVX2ZQKqBLp5ydW72xDSeCIr5kugqdY6whW80ugjLlc9mDd8/LEGQQKnrxzeeWdjiQG/WwcOse9GRktOzH2gvmkJ+vY82z1jhrZP4REoA6T+aYGR8CAwEAAaN4MHYwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPOGsFKraD+/FoPAUXSf77qYfZHRMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFEq/BT//OC3eNeJ4wEfNqJXdZRNpMA0GCSqGSIb3DQEBDQUAA4ICAQBEvh2kzI+1uoUx/emM654QvpM6WtgQSJMubKwKeBY5UNgwwNpwmtswiEKzdZwBiGb1xEehPrAKz0d7aiIIEOonYEohIV6szl0+F56nN16813n1lPsCjdLSA8fjgf28jvlTKcrLRqeyCn4APadh6g7/FRiGcmIxEFPf/VNTUBZ7l4e2zzb06PxCq8oDaOsbAVYXQz8A0KX50KURZrdC2knUg1HX0J/orVpdaQ9UZYVNp2WAbe9vYTCCF5FdtzNU+nJDojpDxF5guMe9bifL3YTvd87YQwsH7+o+UbtHX4lG8VsSfmvvJulNBY6RtzZEpZvyRWIvQahM9qTrzFpsxl4wyPSBDPLDZ6YvVWsXvU4PqLOWTbPdq4BB24P9kFxeYjEe/rDQ8bd1/V/OFZTEM0rxdZDDN9vWnybzl8xL5VmNLDGl1u6JrOVvCzVAWP++L9l5UTusQI/BPSMebz6msd8vhTluD4jQIba1/6zOwfBraFgCIktCT3GEIiyt59x3rdSirLyjzmeQA9NkwoG/GqlFlSdWmQCK/sCL+z050rqjL0kEwIl/D6ncCXfBvhCpCmcrIlZFruyeOlsISZ410T1w/pLK8OXhbCr13Gb7A5jhv1nn811cQaR7XUXhcn6Wq/VV/oQZLunBYvoYOs3dc8wpBabPrrRhkdNmN6Rib6TvMg=="
|
|
]
|
|
}`
|
|
GetSTHConsistencyResp = `{ "consistency": [ "IqlrapPQKtmCY1jCr8+lpCtscRyjjZAA7nyadtFPRFQ=", "ytf6K2GnSRZ3Au+YkivCb7N1DygfKyZmE4aEs9OXl\/8=" ] }`
|
|
GetEntryAndProofResp = `{
|
|
"leaf_input": "AAAAAAFhw8UTtQAAAAJ1MIICcTCCAhegAwIBAgIFAN6tvu8wCgYIKoZIzj0EAwIwcjELMAkGA1UEBhMCR0IxDzANBgNVBAgTBkxvbmRvbjEPMA0GA1UEBxMGTG9uZG9uMQ8wDQYDVQQKEwZHb29nbGUxDDAKBgNVBAsTA0VuZzEiMCAGA1UEAxMZRmFrZUludGVybWVkaWF0ZUF1dGhvcml0eTAgFw0xNjEyMDcxNTEzMzZaGA8wMDAxMDEwMTAwMDAwMFowVjELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UECgwGR29vZ2xlMQwwCgYDVQQLDANFbmcxFzAVBgNVBAMMDmxlYWYwMS5jc3IucGVtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6zdOUkWcRtWouMXtWLkwKaZwimmgJlyeL264ayNshOFGOpg2gkSliheLQYIy9C3gCFt+BzhS/EdWKCeb7WCLrKOBszCBsDAPBgNVHQ8BAf8EBQMDB/mAMIGLBgNVHQ4EgYMEgYBPRBC+90lR8pRLbTi3ID4j0WRzjoJOT3MGkKko87o8z6gEifk9zCwOiHeIgclTA0ZUTxXMRI5r+nUY0frjRCWZu4uthPlE90iJM+RyjcNTwDJGu2StvLnJ8y4t5fdnwdGssncXiBQMuM7/1eMEwAOfHgTFzJ0UBC2Umztl0hul3zAPBgNVHSMECDAGgAQBAgMEMAoGCCqGSM49BAMCA0gAMEUCIQCrwywGKvyt/BwR+e7yDs78qt4sSEVJltv7Y0W6gOI5awIgQ+IAjejYivLEfqNufFRezCBWHWhbq/HHGdNQtv6EArkAAA==",
|
|
"extra_data": "RXh0cmEK",
|
|
"audit_path": [
|
|
"pMumx96PIUB3TX543ljlpQ/RgZRqitRfykupIZrXq0Q=",
|
|
"5s2NQWkjmesu+Kqgp70TCwVLwq8obpHw/JyMGwN56pQ=",
|
|
"7VelXijfmGFSl62BWIsG8LRmxJGBq9XP8FxmszuT2Cg="
|
|
]
|
|
}`
|
|
)
|
|
|
|
func b64(s string) []byte {
|
|
b, err := base64.StdEncoding.DecodeString(s)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return b
|
|
}
|
|
|
|
// serveHandlerAt returns a test HTTP server that only expects requests at the given path, and invokes
|
|
// the provided handler for that path.
|
|
func serveHandlerAt(t *testing.T, path string, handler func(http.ResponseWriter, *http.Request)) *httptest.Server {
|
|
t.Helper()
|
|
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.URL.Path == path {
|
|
handler(w, r)
|
|
} else {
|
|
t.Fatalf("Incorrect URL path: %s", r.URL.Path)
|
|
}
|
|
}))
|
|
}
|
|
|
|
// serveRspAt returns a test HTTP server that returns a canned response body rsp for a given path.
|
|
func serveRspAt(t *testing.T, path, rsp string) *httptest.Server {
|
|
t.Helper()
|
|
return serveHandlerAt(t, path, func(w http.ResponseWriter, r *http.Request) {
|
|
fmt.Fprintf(w, rsp)
|
|
})
|
|
}
|
|
|
|
func sctToJSON(rawSCT []byte) ([]byte, error) {
|
|
var sct ct.SignedCertificateTimestamp
|
|
_, err := tls.Unmarshal(rawSCT, &sct)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to tls-unmarshal test certificate proof: %v", err)
|
|
}
|
|
data, err := json.Marshal(sct)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to json-marshal test certificate proof: %v", err)
|
|
}
|
|
return data, nil
|
|
}
|
|
|
|
// serveSCTAt returns a test HTTP server that returns the given SCT as a canned response for
|
|
// a given path.
|
|
func serveSCTAt(t *testing.T, path string, rawSCT []byte) *httptest.Server {
|
|
t.Helper()
|
|
return serveHandlerAt(t, path, func(w http.ResponseWriter, r *http.Request) {
|
|
data, err := sctToJSON(rawSCT)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
w.Write(data)
|
|
})
|
|
}
|
|
|
|
func TestGetEntries(t *testing.T) {
|
|
ts := serveHandlerAt(t, "/ct/v1/get-entries", func(w http.ResponseWriter, r *http.Request) {
|
|
q := r.URL.Query()
|
|
numRE := regexp.MustCompile("[0-9]+")
|
|
if !numRE.MatchString(q["start"][0]) || !numRE.MatchString(q["end"][0]) {
|
|
t.Fatalf("Invalid parameter: start=%q, end=%q", q["start"][0], q["end"][0])
|
|
}
|
|
fmt.Fprintf(w, `{"entries":[{"leaf_input": "%s","extra_data": "%s"},{"leaf_input": "%s","extra_data": "%s"}]}`,
|
|
PrecertEntryB64,
|
|
PrecertEntryExtraDataB64,
|
|
CertEntryB64,
|
|
CertEntryExtraDataB64)
|
|
})
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
leaves, err := lc.GetEntries(context.Background(), 0, 1)
|
|
if err != nil {
|
|
t.Errorf("GetEntries(0,1)=nil,%v; want 2 leaves,nil", err)
|
|
} else if len(leaves) != 2 {
|
|
t.Errorf("GetEntries(0,1)=%d leaves,nil; want 2 leaves,nil", len(leaves))
|
|
}
|
|
}
|
|
|
|
func TestGetEntriesErrors(t *testing.T) {
|
|
ctx := context.Background()
|
|
var tests = []struct {
|
|
start, end int64
|
|
rsp, want string
|
|
}{
|
|
{start: 1, end: 2, rsp: "", want: "EOF"},
|
|
{start: 0, end: -1, want: "end should be >= 0"},
|
|
{start: 3, end: 2, want: "start should be <= end"},
|
|
{start: 4, end: 5, rsp: "not-json", want: "invalid"},
|
|
{start: 5, end: 6, rsp: `{"entries":[{"leaf_input":"bogus","extra_data":"bogus"}]}`, want: "illegal base64"},
|
|
{start: 6, end: 7, rsp: `{"entries":[{"leaf_input":"bbbb","extra_data":"bbbb"}]}`, want: "failed to unmarshal"},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
ts := serveRspAt(t, "/ct/v1/get-entries", test.rsp)
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Errorf("Failed to create client: %v", err)
|
|
continue
|
|
}
|
|
got, err := lc.GetEntries(ctx, test.start, test.end)
|
|
if err == nil {
|
|
t.Errorf("GetEntries(%d, %d)=%+v, nil; want nil, %q", test.start, test.end, got, test.want)
|
|
} else if !strings.Contains(err.Error(), test.want) {
|
|
t.Errorf("GetEntries(%d, %d)=nil, %q; want nil, %q", test.start, test.end, err, test.want)
|
|
}
|
|
if got != nil {
|
|
t.Errorf("GetEntries(%d, %d)=%+v, _; want nil, _", test.start, test.end, got)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetRawEntriesErrors(t *testing.T) {
|
|
ctx := context.Background()
|
|
var tests = []struct {
|
|
start, end int64
|
|
rsp, want string
|
|
}{
|
|
{start: 1, end: 2, rsp: "", want: "EOF"},
|
|
{start: 0, end: -1, want: "end should be >= 0"},
|
|
{start: 3, end: 2, want: "start should be <= end"},
|
|
{start: 4, end: 5, rsp: "not-json", want: "invalid"},
|
|
{start: 5, end: 6, rsp: `{"entries":[{"leaf_input":"bogus","extra_data":"bogus"}]}`, want: "illegal base64"},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
ts := serveRspAt(t, "/ct/v1/get-entries", test.rsp)
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Errorf("Failed to create client: %v", err)
|
|
continue
|
|
}
|
|
got, err := lc.GetRawEntries(ctx, test.start, test.end)
|
|
if err == nil {
|
|
t.Errorf("GetRawEntries(%d, %d)=%+v, nil; want nil, %q", test.start, test.end, got, test.want)
|
|
} else if !strings.Contains(err.Error(), test.want) {
|
|
t.Errorf("GetRawEntries(%d, %d)=nil, %q; want nil, %q", test.start, test.end, err, test.want)
|
|
}
|
|
if got != nil {
|
|
t.Errorf("GetRawEntries(%d, %d)=%+v, _; want nil, _", test.start, test.end, got)
|
|
}
|
|
if len(test.rsp) > 0 {
|
|
// Expect the error to include the HTTP response
|
|
if rspErr, ok := err.(client.RspError); !ok {
|
|
t.Errorf("GetRawEntries(%d, %d)=nil, .(%T); want nil, .(RspError)", test.start, test.end, err)
|
|
} else if string(rspErr.Body) != test.rsp {
|
|
t.Errorf("GetRawEntries(%d, %d)=nil, .Body=%q; want nil, .Body=%q", test.start, test.end, rspErr.Body, test.rsp)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetSTH(t *testing.T) {
|
|
ts := serveRspAt(t, "/ct/v1/get-sth",
|
|
fmt.Sprintf(`{"tree_size": %d, "timestamp": %d, "sha256_root_hash": "%s", "tree_head_signature": "%s"}`,
|
|
ValidSTHResponseTreeSize,
|
|
int64(ValidSTHResponseTimestamp),
|
|
ValidSTHResponseSHA256RootHash,
|
|
ValidSTHResponseTreeHeadSignature))
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
sth, err := lc.GetSTH(context.Background())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if sth.TreeSize != ValidSTHResponseTreeSize {
|
|
t.Errorf("GetSTH().TreeSize=%d; want %d", sth.TreeSize, ValidSTHResponseTreeSize)
|
|
}
|
|
if sth.Timestamp != ValidSTHResponseTimestamp {
|
|
t.Errorf("GetSTH().Timestamp=%v; want %v", sth.Timestamp, ValidSTHResponseTimestamp)
|
|
}
|
|
if sth.SHA256RootHash.Base64String() != ValidSTHResponseSHA256RootHash {
|
|
t.Errorf("GetSTH().SHA256RootHash=%v; want %v", sth.SHA256RootHash.Base64String(), ValidSTHResponseSHA256RootHash)
|
|
}
|
|
wantRawSignature, err := base64.StdEncoding.DecodeString(ValidSTHResponseTreeHeadSignature)
|
|
if err != nil {
|
|
t.Fatalf("Couldn't b64 decode 'correct' STH signature: %v", err)
|
|
}
|
|
var wantDS ct.DigitallySigned
|
|
if _, err := tls.Unmarshal(wantRawSignature, &wantDS); err != nil {
|
|
t.Fatalf("Couldn't unmarshal DigitallySigned: %v", err)
|
|
}
|
|
if sth.TreeHeadSignature.Algorithm.Hash != wantDS.Algorithm.Hash {
|
|
t.Errorf("GetSTH().TreeHeadSignature.Algorithm.Hash=%v; %v", wantDS.Algorithm.Hash, sth.TreeHeadSignature.Algorithm.Hash)
|
|
}
|
|
if sth.TreeHeadSignature.Algorithm.Signature != wantDS.Algorithm.Signature {
|
|
t.Errorf("GetSTH().TreeHeadSignature.Algorithm.Signature=%v; want %v", wantDS.Algorithm.Signature, sth.TreeHeadSignature.Algorithm.Signature)
|
|
}
|
|
if bytes.Compare(sth.TreeHeadSignature.Signature, wantDS.Signature) != 0 {
|
|
t.Errorf("GetSTH().TreeHeadSignature.Signature=%v; want %v", wantDS.Signature, sth.TreeHeadSignature.Signature)
|
|
}
|
|
}
|
|
|
|
func TestGetSTHErrors(t *testing.T) {
|
|
ctx := context.Background()
|
|
var tests = []struct {
|
|
rsp, want string
|
|
}{
|
|
{rsp: "", want: "EOF"},
|
|
{rsp: "not-json", want: "invalid"},
|
|
{rsp: `{"tree_size":228163,"timestamp":1507127718502,"sha256_root_hash":"bogus","tree_head_signature":"bogus"}`, want: "illegal base64"},
|
|
{rsp: `{"tree_size":228163,"timestamp":1507127718502,"sha256_root_hash":"bbbb","tree_head_signature":"bbbb"}`, want: "hash is invalid length"},
|
|
{rsp: `{"tree_size":228163,"timestamp":1507127718502,"sha256_root_hash":"tncuLXiPAo711IOxjaYTwLmwbSyyE8hEcRhaOXvFb3g=","tree_head_signature":"bbbb"}`, want: "syntax error"},
|
|
{rsp: `{"tree_size":228163,"timestamp":1507127718502,"sha256_root_hash":"tncuLXiPAo711IOxjaYTwLmwbSyyE8hEcRhaOXvFb3g=","tree_head_signature":"BAMARjBEAiAi5045/h8Yvs1mNlsYskWvuFbu2A6hO2J45KDFfOR1OwIgZ2jq8iFCwKuTbcIgsBB1ibHEupv97CeAQynK0Dw2PT8bbbb="}`, want: "trailing data"},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
ts := serveRspAt(t, "/ct/v1/get-sth", test.rsp)
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Errorf("Failed to create client: %v", err)
|
|
continue
|
|
}
|
|
got, err := lc.GetSTH(ctx)
|
|
if err == nil {
|
|
t.Errorf("GetSTH()=%+v, nil; want nil, %q", got, test.want)
|
|
} else if !strings.Contains(err.Error(), test.want) {
|
|
t.Errorf("GetSTH()=nil, %q; want nil, %q", err, test.want)
|
|
}
|
|
if got != nil {
|
|
t.Errorf("GetSTH()=%+v, _; want nil, _", got)
|
|
}
|
|
if len(test.rsp) > 0 {
|
|
// Expect the error to include the HTTP response
|
|
if rspErr, ok := err.(client.RspError); !ok {
|
|
t.Errorf("GetSTH()=nil, .(%T); want nil, .(RspError)", err)
|
|
} else if string(rspErr.Body) != test.rsp {
|
|
t.Errorf("GetSTH()=nil, .Body=%q; want nil, .Body=%q", rspErr.Body, test.rsp)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestAddChainRetries(t *testing.T) {
|
|
if testing.Short() {
|
|
t.Skip("skipping retry test in short mode")
|
|
}
|
|
retryAfter := 0 * time.Second
|
|
currentFailures := 0
|
|
failuresBeforeSuccess := 0
|
|
hs := serveHandlerAt(t, "/ct/v1/add-chain", func(w http.ResponseWriter, r *http.Request) {
|
|
if failuresBeforeSuccess > 0 && currentFailures < failuresBeforeSuccess {
|
|
currentFailures++
|
|
if retryAfter != 0 {
|
|
if retryAfter > 0 {
|
|
w.Header().Add("Retry-After", strconv.Itoa(int(retryAfter.Seconds())))
|
|
}
|
|
w.WriteHeader(503)
|
|
return
|
|
}
|
|
w.WriteHeader(408)
|
|
return
|
|
}
|
|
_, err := w.Write([]byte(AddJSONResp))
|
|
if err != nil {
|
|
return
|
|
}
|
|
})
|
|
defer hs.Close()
|
|
|
|
certBytes, err := base64.StdEncoding.DecodeString(SubmissionCertB64)
|
|
if err != nil {
|
|
t.Fatalf("Failed to decode chain array B64: %s", err)
|
|
}
|
|
chain := []ct.ASN1Cert{{Data: certBytes}}
|
|
|
|
const leeway = time.Millisecond * 100
|
|
const leewayRatio = 0.2 // 20%
|
|
|
|
tests := []struct {
|
|
deadlineLength time.Duration // -1 indicates no deadline
|
|
expected time.Duration
|
|
retryAfter time.Duration // -1 indicates: generate 503 with no Retry-After
|
|
failuresBeforeSuccess int
|
|
success bool
|
|
}{
|
|
{
|
|
deadlineLength: -1,
|
|
expected: 1 * time.Millisecond,
|
|
retryAfter: 0,
|
|
failuresBeforeSuccess: 0,
|
|
success: true,
|
|
},
|
|
{
|
|
deadlineLength: -1,
|
|
expected: 7 * time.Second, // 1 + 2 + 4
|
|
retryAfter: -1,
|
|
failuresBeforeSuccess: 3,
|
|
success: true,
|
|
},
|
|
{
|
|
deadlineLength: 6 * time.Second,
|
|
expected: 5 * time.Second,
|
|
retryAfter: 5 * time.Second,
|
|
failuresBeforeSuccess: 1,
|
|
success: true,
|
|
},
|
|
{
|
|
deadlineLength: 5 * time.Second,
|
|
expected: 5 * time.Second,
|
|
retryAfter: 10 * time.Second,
|
|
failuresBeforeSuccess: 1,
|
|
success: false,
|
|
},
|
|
{
|
|
deadlineLength: 10 * time.Second,
|
|
expected: 5 * time.Second,
|
|
retryAfter: 1 * time.Second,
|
|
failuresBeforeSuccess: 5,
|
|
success: true,
|
|
},
|
|
{
|
|
deadlineLength: 1 * time.Second,
|
|
expected: 10 * time.Millisecond,
|
|
retryAfter: 0,
|
|
failuresBeforeSuccess: 10,
|
|
success: true,
|
|
},
|
|
}
|
|
|
|
for i, test := range tests {
|
|
deadline := context.Background()
|
|
lc, err := client.New(hs.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
if test.deadlineLength >= 0 {
|
|
var cancel context.CancelFunc
|
|
deadline, cancel = context.WithDeadline(context.Background(), time.Now().Add(test.deadlineLength))
|
|
defer cancel()
|
|
}
|
|
retryAfter = test.retryAfter
|
|
failuresBeforeSuccess = test.failuresBeforeSuccess
|
|
currentFailures = 0
|
|
|
|
started := time.Now()
|
|
sct, err := lc.AddChain(deadline, chain)
|
|
took := time.Since(started)
|
|
delta := math.Abs(float64(took - test.expected))
|
|
ratio := delta / float64(test.expected)
|
|
if delta > float64(leeway) && ratio > leewayRatio {
|
|
t.Errorf("#%d Submission took an unexpected length of time: %s, expected ~%s", i, took, test.expected)
|
|
}
|
|
if test.success && err != nil {
|
|
t.Errorf("#%d Failed to submit chain: %s", i, err)
|
|
} else if !test.success && err == nil {
|
|
t.Errorf("#%d Expected AddChain to fail", i)
|
|
}
|
|
if test.success && sct == nil {
|
|
t.Errorf("#%d Nil SCT returned", i)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestAddChain(t *testing.T) {
|
|
hs := serveSCTAt(t, "/ct/v1/add-chain", testdata.TestCertProof)
|
|
defer hs.Close()
|
|
lc, err := client.New(hs.URL, &http.Client{}, jsonclient.Options{PublicKey: testdata.LogPublicKeyPEM})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
|
|
cert, err := x509util.CertificateFromPEM([]byte(testdata.TestCertPEM))
|
|
if err != nil {
|
|
t.Fatalf("Failed to parse certificate from PEM: %v", err)
|
|
}
|
|
|
|
// AddChain will verify the signature because the client has a public key.
|
|
chain := []ct.ASN1Cert{{Data: cert.Raw}}
|
|
_, err = lc.AddChain(context.Background(), chain)
|
|
if err != nil {
|
|
t.Errorf("AddChain()=nil,%v; want sct,nil", err)
|
|
}
|
|
}
|
|
|
|
func TestAddPreChain(t *testing.T) {
|
|
hs := serveSCTAt(t, "/ct/v1/add-pre-chain", testdata.TestPreCertProof)
|
|
defer hs.Close()
|
|
lc, err := client.New(hs.URL, &http.Client{}, jsonclient.Options{PublicKey: testdata.LogPublicKeyPEM})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
|
|
cert, err := x509util.CertificateFromPEM([]byte(testdata.TestPreCertPEM))
|
|
if err != nil {
|
|
t.Fatalf("Failed to parse pre-certificate from PEM: %v", err)
|
|
}
|
|
issuer, err := x509util.CertificateFromPEM([]byte(testdata.CACertPEM))
|
|
if err != nil {
|
|
t.Fatalf("Failed to parse issuer certificate from PEM: %v", err)
|
|
}
|
|
|
|
// AddPreChain will verify the signature because the client has a public key.
|
|
chain := []ct.ASN1Cert{{Data: cert.Raw}, {Data: issuer.Raw}}
|
|
_, err = lc.AddPreChain(context.Background(), chain)
|
|
if err != nil {
|
|
t.Errorf("AddPreChain()=nil,%v; want sct,nil", err)
|
|
}
|
|
}
|
|
|
|
func TestAddJSON(t *testing.T) {
|
|
hs := serveRspAt(t, "/ct/v1/add-json", AddJSONResp)
|
|
defer hs.Close()
|
|
lc, err := client.New(hs.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
|
|
tests := []struct {
|
|
success bool
|
|
data interface{}
|
|
}{
|
|
{true, struct{ hi string }{"bob"}},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
sct, err := lc.AddJSON(context.Background(), test.data)
|
|
if test.success && err != nil {
|
|
t.Errorf("AddJSON(%v)=nil,%v; want sct,nil", test.data, err)
|
|
} else if !test.success && err == nil {
|
|
t.Errorf("AddJSON(%v)=sct,nil; want nil,error", test.data)
|
|
}
|
|
if test.success && sct == nil {
|
|
t.Errorf("AddJSON(%v)=nil,%v; want sct,nil", test.data, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetSTHConsistency(t *testing.T) {
|
|
hs := serveRspAt(t, "/ct/v1/get-sth-consistency", GetSTHConsistencyResp)
|
|
defer hs.Close()
|
|
lc, err := client.New(hs.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
|
|
tests := []struct {
|
|
first uint64
|
|
second uint64
|
|
proof [][]byte
|
|
}{
|
|
{1, 3, [][]byte{
|
|
b64("IqlrapPQKtmCY1jCr8+lpCtscRyjjZAA7nyadtFPRFQ="),
|
|
b64("ytf6K2GnSRZ3Au+YkivCb7N1DygfKyZmE4aEs9OXl/8="),
|
|
}},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
proof, err := lc.GetSTHConsistency(context.Background(), test.first, test.second)
|
|
if err != nil {
|
|
t.Errorf("GetSTHConsistency(%d, %d)=nil,%v; want proof,nil", test.first, test.second, err)
|
|
} else if !reflect.DeepEqual(proof, test.proof) {
|
|
t.Errorf("GetSTHConsistency(%d, %d)=%v,nil; want %v,nil", test.first, test.second, proof, test.proof)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetSTHConsistencyErrors(t *testing.T) {
|
|
ctx := context.Background()
|
|
var tests = []struct {
|
|
first, second uint64
|
|
rsp, want string
|
|
}{
|
|
{first: 1, second: 2, rsp: "", want: "EOF"},
|
|
{first: 1, second: 2, rsp: "not-json", want: "invalid"},
|
|
{first: 1, second: 2, rsp: `{"consistency":["bogus"]}`, want: "illegal base64"},
|
|
{first: 1, second: 2, rsp: `{"consistency":["2SyPbmCNzn9l7dhWVz1uz6nW7DB7p0EkSsfH9M+qU5E=",]}`, want: "invalid"},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
ts := serveRspAt(t, "/ct/v1/get-sth-consistency", test.rsp)
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Errorf("Failed to create client: %v", err)
|
|
continue
|
|
}
|
|
got, err := lc.GetSTHConsistency(ctx, test.first, test.second)
|
|
if err == nil {
|
|
t.Errorf("GetSTHConsistency(%d, %d)=%+v, nil; want nil, %q", test.first, test.second, got, test.want)
|
|
} else if !strings.Contains(err.Error(), test.want) {
|
|
t.Errorf("GetSTHConsistency(%d, %d)=nil, %q; want nil, %q", test.first, test.second, err, test.want)
|
|
}
|
|
if got != nil {
|
|
t.Errorf("GetSTHConsistency(%d, %d)=%+v, _; want nil, _", test.first, test.second, got)
|
|
}
|
|
if len(test.rsp) > 0 {
|
|
// Expect the error to include the HTTP response
|
|
if rspErr, ok := err.(client.RspError); !ok {
|
|
t.Errorf("GetSTHConsistency(%d, %d)=nil, .(%T); want nil, .(RspError)", test.first, test.second, err)
|
|
} else if string(rspErr.Body) != test.rsp {
|
|
t.Errorf("GetSTHConsistency(%d, %d)=nil, .Body=%q; want nil, .Body=%q", test.first, test.second, rspErr.Body, test.rsp)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetProofByHash(t *testing.T) {
|
|
hs := serveRspAt(t, "/ct/v1/get-proof-by-hash", ProofByHashResp)
|
|
defer hs.Close()
|
|
lc, err := client.New(hs.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
|
|
tests := []struct {
|
|
hash []byte
|
|
treesize uint64
|
|
}{
|
|
{dh("4a9e8edbe5ce2d2da69d483edb45186675d4be37b649d40923b156a7d1277463"), 5},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
resp, err := lc.GetProofByHash(context.Background(), test.hash, test.treesize)
|
|
if err != nil {
|
|
t.Errorf("GetProofByHash(%v, %v)=nil,%v; want proof,nil", test.hash, test.treesize, err)
|
|
} else if got := len(resp.AuditPath); got < 1 {
|
|
t.Errorf("len(GetProofByHash(%v, %v)): %v; want > 1", test.hash, test.treesize, got)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetProofByHashErrors(t *testing.T) {
|
|
ctx := context.Background()
|
|
aHash := dh("4a9e8edbe5ce2d2da69d483edb45186675d4be37b649d40923b156a7d1277463")
|
|
var tests = []struct {
|
|
rsp, want string
|
|
}{
|
|
{rsp: "", want: "EOF"},
|
|
{rsp: "not-json", want: "invalid"},
|
|
{rsp: `{"leaf_index": 17, "audit_path":["bogus"]}`, want: "illegal base64"},
|
|
{rsp: `{"leaf_index": 17, "audit_path":["bbbb",]}`, want: "invalid"},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
ts := serveRspAt(t, "/ct/v1/get-proof-by-hash", test.rsp)
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Errorf("Failed to create client: %v", err)
|
|
continue
|
|
}
|
|
got, err := lc.GetProofByHash(ctx, aHash, 100)
|
|
if err == nil {
|
|
t.Errorf("GetProofByHash()=%+v, nil; want nil, %q", got, test.want)
|
|
} else if !strings.Contains(err.Error(), test.want) {
|
|
t.Errorf("GetProofByHash()=nil, %q; want nil, %q", err, test.want)
|
|
}
|
|
if got != nil {
|
|
t.Errorf("GetProofByHash()=%+v, _; want nil, _", got)
|
|
}
|
|
if len(test.rsp) > 0 {
|
|
// Expect the error to include the HTTP response
|
|
if rspErr, ok := err.(client.RspError); !ok {
|
|
t.Errorf("GetProofByHash()=nil, .(%T); want nil, .(RspError)", err)
|
|
} else if string(rspErr.Body) != test.rsp {
|
|
t.Errorf("GetProofByHash()=nil, .Body=%q; want nil, .Body=%q", rspErr.Body, test.rsp)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetAcceptedRoots(t *testing.T) {
|
|
hs := serveRspAt(t, "/ct/v1/get-roots", GetRootsResp)
|
|
defer hs.Close()
|
|
lc, err := client.New(hs.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
|
|
certs, err := lc.GetAcceptedRoots(context.Background())
|
|
if err != nil {
|
|
t.Errorf("GetAcceptedRoots()=nil,%q; want roots,nil", err.Error())
|
|
} else if len(certs) < 1 {
|
|
t.Errorf("len(GetAcceptedRoots())=0; want > 1")
|
|
}
|
|
}
|
|
|
|
func TestGetAcceptedRootsErrors(t *testing.T) {
|
|
ctx := context.Background()
|
|
var tests = []struct {
|
|
rsp, want string
|
|
}{
|
|
{rsp: "", want: "EOF"},
|
|
{rsp: "not-json", want: "invalid"},
|
|
{rsp: `{"certificates":["bogus"]}`, want: "illegal base64"},
|
|
{rsp: `{"certificates":["bbbb",]}`, want: "invalid"},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
ts := serveRspAt(t, "/ct/v1/get-roots", test.rsp)
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Errorf("Failed to create client: %v", err)
|
|
continue
|
|
}
|
|
got, err := lc.GetAcceptedRoots(ctx)
|
|
if err == nil {
|
|
t.Errorf("GetAcceptedRoots()=%+v, nil; want nil, %q", got, test.want)
|
|
} else if !strings.Contains(err.Error(), test.want) {
|
|
t.Errorf("GetAcceptedRoots()=nil, %q; want nil, %q", err, test.want)
|
|
}
|
|
if got != nil {
|
|
t.Errorf("GetAcceptedRoots()=%+v, _; want nil, _", got)
|
|
}
|
|
if len(test.rsp) > 0 {
|
|
// Expect the error to include the HTTP response
|
|
if rspErr, ok := err.(client.RspError); !ok {
|
|
t.Errorf("GetAcceptedRoots()=nil, .(%T); want nil, .(RspError)", err)
|
|
} else if string(rspErr.Body) != test.rsp {
|
|
t.Errorf("GetAcceptedRoots()=nil, .Body=%q; want nil, .Body=%q", rspErr.Body, test.rsp)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetEntryAndProof(t *testing.T) {
|
|
hs := serveRspAt(t, "/ct/v1/get-entry-and-proof", GetEntryAndProofResp)
|
|
defer hs.Close()
|
|
lc, err := client.New(hs.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create client: %v", err)
|
|
}
|
|
|
|
tests := []struct {
|
|
index uint64
|
|
treesize uint64
|
|
}{
|
|
{1000, 2000},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
resp, err := lc.GetEntryAndProof(context.Background(), test.index, test.treesize)
|
|
if err != nil {
|
|
t.Errorf("GetEntryAndProof(%v, %v)=nil,%v; want proof,nil", test.index, test.treesize, err)
|
|
} else if got := len(resp.AuditPath); got < 1 {
|
|
t.Errorf("len(GetEntryAndProof(%v, %v)): %v; want > 1", test.index, test.treesize, got)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetEntryAndProofErrors(t *testing.T) {
|
|
ctx := context.Background()
|
|
var tests = []struct {
|
|
rsp, want string
|
|
}{
|
|
{rsp: "", want: "EOF"},
|
|
{rsp: "not-json", want: "invalid"},
|
|
{rsp: `{"leaf_input": "bogus", "extra_data": "Z29vZAo=", "audit_path": ["Z29vZAo="]}`, want: "illegal base64"},
|
|
{rsp: `{"leaf_input": "Z29vZAo=", "extra_data": "bogus", "audit_path": ["Z29vZAo="]}`, want: "illegal base64"},
|
|
{rsp: `{"leaf_input": "Z29vZAo=", "extra_data": "Z29vZAo=", "audit_path": ["bogus"]}`, want: "illegal base64"},
|
|
{rsp: `{"leaf_input": "Z29vZAo=", "extra_data": "Z29vZAo=", "audit_path": ["bbbb",]}`, want: "invalid"},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
ts := serveRspAt(t, "/ct/v1/get-entry-and-proof", test.rsp)
|
|
defer ts.Close()
|
|
lc, err := client.New(ts.URL, &http.Client{}, jsonclient.Options{})
|
|
if err != nil {
|
|
t.Errorf("Failed to create client: %v", err)
|
|
continue
|
|
}
|
|
got, err := lc.GetEntryAndProof(ctx, 99, 100)
|
|
if err == nil {
|
|
t.Errorf("GetEntryAndProof()=%+v, nil; want nil, %q", got, test.want)
|
|
} else if !strings.Contains(err.Error(), test.want) {
|
|
t.Errorf("GetEntryAndProof()=nil, %q; want nil, %q", err, test.want)
|
|
}
|
|
if got != nil {
|
|
t.Errorf("GetEntryAndProof()=%+v, _; want nil, _", got)
|
|
}
|
|
if len(test.rsp) > 0 {
|
|
// Expect the error to include the HTTP response
|
|
if rspErr, ok := err.(client.RspError); !ok {
|
|
t.Errorf("GetEntryAndProof()=nil, .(%T); want nil, .(RspError)", err)
|
|
} else if string(rspErr.Body) != test.rsp {
|
|
t.Errorf("GetEntryAndProof()=nil, .Body=%q; want nil, .Body=%q", rspErr.Body, test.rsp)
|
|
}
|
|
}
|
|
}
|
|
}
|